This article describes how to disable multiple logins for the same user in Spring Security + Spring Boot.
Problem description
I have the below Spring configuration:
static SessionRegistry SR;

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
        .antMatchers("/", "/forgotPwd", "/resetPwd").permitAll()
        .anyRequest().authenticated().and().formLogin().loginPage("/login")
        .defaultSuccessUrl("/home").failureUrl("/login?error").permitAll()
        .successHandler(authenticationSuccessHandler) // autowired or defined below
        .and().logout()
        .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
        .logoutSuccessHandler(myLogoutSuccessHandler)
        .permitAll()
        .and().sessionManagement()
        .maximumSessions(1)
        .maxSessionsPreventsLogin(true)
        .sessionRegistry(SR);
}

@Bean
public ServletListenerRegistrationBean<HttpSessionEventPublisher> httpSessionEventPublisher() {
    return new ServletListenerRegistrationBean<HttpSessionEventPublisher>(new HttpSessionEventPublisher());
}
I was expecting sessionManagement().maximumSessions(1) to disable multiple logins for the same user. It is working, but the first user logs out of the application, so I try to log in from another browser, but it shows: This account is already using by someone.
Kindly request you to let me know where it's going wrong.
Recommended answer
Remove your httpSessionEventPublisher and SessionRegistry. Try this configuration:
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers("/", "/forgotPwd", "/resetPwd").permitAll()
        .anyRequest().authenticated()
        .and()
        .formLogin().loginPage("/login").defaultSuccessUrl("/home").failureUrl("/login?error").permitAll()
        .and()
        .sessionManagement()
        .maximumSessions(1);
}
In application.properties you can set:
server.session.timeout= # Session timeout in seconds.